OSV-2024-1397

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/spring-data-mongodb/OSV-2024-1397.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-1397

Withdrawn

2024-12-23T07:56:04.073259Z

Published

2024-12-23T00:07:37.280500Z

Modified

2024-12-23T00:07:37.280904Z

Summary

Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385326423

Crash type: Security exception
Crash state:
org.springframework.expression.spel.ast.OpPlus.getValueInternal
java.base/java.util.HashMap.get
org.springframework.core.convert.TypeDescriptor.valueOf

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385326423

Affected packages

OSS-Fuzz / spring-data-mongodb

Package

Name: spring-data-mongodb
Purl: pkg:generic/spring-data-mongodb

Affected ranges

Type: GIT
Repo: https://github.com/spring-projects/spring-data-mongodb
Events: Introduced

954f52ca7993cc4806b6e82adc50f8d5e3ae9fb9

Introduced

26d38c8a069c0cbf9b38d5d7d91f62784b81b75c

Affected versions

4.*

4.2.10

4.2.11

4.2.12

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

4.2.9

4.3.0

4.3.0-M2

4.3.0-RC1

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.4.0

4.4.0-M1

4.4.0-RC1

4.4.1

Ecosystem specific

{
    "severity": "LOW"
}

Database specific

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/spring-data-mongodb/OSV-2024-1397.yaml"